chamilo-lms/plugin/oauth2/src/callback.php
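<?php
/* For license terms, see /license.txt */

/**
 * OAuth2 plugin callback endpoint.
 *
 * First visit (no `code` in the query string): build the provider's
 * authorization URL, keep the anti-CSRF `state` in the session and redirect
 * the browser to the provider.
 *
 * Return visit (provider redirects back with `code` and `state`): verify the
 * state, exchange the code for an access token, fetch the user info from the
 * provider, enforce the account / portal checks and open the Chamilo session
 * for that user. Any failure during that phase is shown as a flash message on
 * the portal home page.
 */
use League\OAuth2\Client\Token\AccessToken;

require __DIR__.'/../../../main/inc/global.inc.php';

$plugin = OAuth2::create();
$provider = $plugin->getProvider();

// If we don't have an authorization code then get one.
if (!array_key_exists('code', $_GET)) {
    // getAuthorizationUrl() returns the urlAuthorize option and generates and
    // applies any necessary parameters (e.g. state) as a side effect.
    $authorizationUrl = $provider->getAuthorizationUrl();
    // Persist the generated state so the callback below can verify it.
    ChamiloSession::write('oauth2state', $provider->getState());
    header('Location: '.$authorizationUrl);
    exit;
}

// Check the returned state against the stored one to mitigate CSRF.
// The stored value is consumed (erased) whether or not it matches, so a
// given state can only be redeemed once; hash_equals() avoids a timing
// side-channel, and a non-string on either side counts as a mismatch.
$storedState = ChamiloSession::read('oauth2state');
$returnedState = $_GET['state'] ?? null;
ChamiloSession::erase('oauth2state');
if (!is_string($storedState)
    || !is_string($returnedState)
    || !hash_equals($storedState, $returnedState)
) {
    exit('Invalid state');
}

try {
    // Exchange the authorization code for an access token.
    /** @var AccessToken $accessToken */
    $accessToken = $provider->getAccessToken('authorization_code', [
        'code' => $_GET['code'],
    ]);
    ChamiloSession::write('oauth2AccessToken', $accessToken->jsonSerialize());

    // NOTE(review): the shape of $userInfo is defined by the plugin's
    // getUserInfo(); only the 'user_id' and 'active' keys are read here.
    $userInfo = $plugin->getUserInfo($provider, $accessToken);

    // Fail closed: without a user id the session written below would be
    // unusable, so refuse the login instead of half-creating it.
    if (empty($userInfo['user_id'])) {
        throw new Exception('Provider user info does not contain a user_id');
    }

    // Strict check on purpose: accept int 1, string '1' or bool true, and
    // treat anything else (including a missing key) as inactive. A loose
    // `!= '1'` would also accept values such as '01' or '1.0'.
    if (!in_array($userInfo['active'] ?? null, [1, '1', true], true)) {
        throw new Exception($plugin->get_lang('AccountInactive'));
    }

    if (api_is_multiple_url_enabled()) {
        $userId = $userInfo['user_id'];
        $urlIdsTheUserCanAccess = api_get_access_url_from_user($userId);
        // Loose in_array kept deliberately: the ids may come back as strings
        // from the DB layer — TODO confirm and switch to strict.
        $userCanAccessTheFirstURL = in_array(1, $urlIdsTheUserCanAccess);
        $userCanAccessTheCurrentURL = in_array(api_get_current_access_url_id(), $urlIdsTheUserCanAccess);
        // Rule: the user may log in on the current portal, or an admin who can
        // access the first portal may log in anywhere. Written with `&&`/`||`
        // and explicit parentheses — the low-precedence `or`/`and` keywords
        // bind looser than `=`, which silently drops the admin clause.
        if (!$userCanAccessTheCurrentURL
            && !(UserManager::is_admin($userId) && $userCanAccessTheFirstURL)
        ) {
            throw new Exception($plugin->get_lang('UserNotAllowedOnThisPortal'));
        }
    }
} catch (Exception $exception) {
    // Surface the reason on the portal home page instead of a bare error.
    $message = Display::return_message($exception->getMessage(), 'error');
    Display::addFlash($message);
    header('Location: '.api_get_path(WEB_PATH));
    exit;
}

ConditionalLogin::check_conditions($userInfo);

// Open the Chamilo session for the authenticated user. $_user is written
// key by key because global.inc.php may already have populated it — TODO
// confirm.
$_user['user_id'] = $userInfo['user_id'];
$_user['uidReset'] = true;
ChamiloSession::write('_user', $_user);
ChamiloSession::write('_user_auth_source', 'oauth2');
Redirect::session_request_uri(true, $userInfo['user_id']);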